async Task <IAccessToken> INonCachingAccessTokenProvider.ProvisionAccessTokenAsync(
IEnumerable <Claim> claimSet,
IEnumerable <Scope> scopes
)
{
List <Claim> claims = claimSet.ToList();
scopes = scopes ?? Enumerable.Empty <Scope>();
DateTime now = DateTime.UtcNow;
string issuer;
if (!claims.TryGetClaim(Constants.Claims.ISSUER, out issuer))
{
throw new InvalidOperationException("missing issuer claim");
}
var unsignedToken = new UnsignedToken(
issuer: issuer,
audience: Constants.ASSERTION_AUDIENCE,
claims: claims,
notBefore: now,
expiresAt: now + Constants.ASSERTION_TOKEN_LIFETIME);
string assertion = await m_tokenSigner
.SignAsync(unsignedToken)
.SafeAsync();
return(await m_client
.ProvisionAccessTokenAsync(assertion, scopes)
.SafeAsync());
}
public async Task SignsUnsignedToken()
{
var token = new UnsignedToken(
issuer: "issuer",
audience: "audience",
claims: new Dictionary <string, object>()
{
{ "scopes", "a:b:c a:b:d" },
{ "tenantid", "325cb46b-488d-4061-aa2c-eef5a12b6b7c" }
},
notBefore: new DateTime(2019, 1, 1, 0, 0, 0, DateTimeKind.Utc),
expiresAt: new DateTime(2019, 1, 1, 1, 0, 30, DateTimeKind.Utc)
);
var signed = await m_tokenSigner.SignAsync(token);
Assert.AreEqual(SignedToken, signed);
}
private void SetUp(out Uri host, out string token, out Guid id)
{
string hostStr;
var server = HttpMockFactory.Create(out hostStr);
host = new Uri(hostStr);
#pragma warning disable 618
IPublicKeyDataProvider publicKeyDataProvider = new InMemoryPublicKeyDataProvider();
#pragma warning restore 618
ITokenSigner tokenSigner = GetTokenSigner(publicKeyDataProvider);
token = tokenSigner
.SignAsync(new UnsignedToken(
"some issuer",
"some audience",
new List <Claim>(),
DateTime.Now,
DateTime.Now + TimeSpan.FromDays(1)
))
.SafeAsync()
.GetAwaiter()
.GetResult();
var jwk = publicKeyDataProvider
.GetAllAsync()
.SafeAsync()
.GetAwaiter()
.GetResult()
.First();
id = jwk.Id;
server
.Stub(r => r.Get("/.well-known/jwks"))
.Return(JsonConvert.SerializeObject(new { keys = new object[] { jwk.ToJwkDto() } }))
.OK();
}
public static async Task <string> GetAccessTokenValidForAMinute(
long?userId = null,
long?actualUserId = null,
string scope = null,
Guid?tenantId = null,
DateTime?issuedAtTime = null
)
{
issuedAtTime = issuedAtTime ?? DateTime.UtcNow;
scope = scope ?? "*:*:*";
tenantId = tenantId ?? Guid.NewGuid();
var claims = new Dictionary <string, object>();
claims.Add(Constants.Claims.SCOPE, scope);
claims.Add(Constants.Claims.TENANT_ID, tenantId.ToString());
if (userId != null)
{
claims.Add(Constants.Claims.USER_ID, userId.Value.ToString());
}
if (actualUserId != null)
{
claims.Add(Constants.Claims.ACTUAL_USER_ID, actualUserId.Value.ToString());
}
return(await m_signer.SignAsync(
new UnsignedToken(
issuer : Constants.ACCESS_TOKEN_ISSUER,
audience : Constants.ACCESS_TOKEN_AUDIENCE,
claims : claims,
notBefore : issuedAtTime.Value,
expiresAt : issuedAtTime.Value + TimeSpan.FromMinutes(1)
)
).SafeAsync());
}
async Task <IAccessToken> INonCachingAccessTokenProvider.ProvisionAccessTokenAsync(
IEnumerable <Claim> claimSet,
IEnumerable <Scope> scopes
)
{
List <Claim> claims = claimSet.ToList();
scopes = scopes ?? Enumerable.Empty <Scope>();
DateTime now = DateTime.UtcNow;
string issuer = claims.FirstOrDefault(c => c.Type == Constants.Claims.ISSUER)?.Value;
if (issuer == null)
{
throw new InvalidOperationException("missing issuer claim");
}
var filteredClaims = claims
.Where(t => t.Type != Constants.Claims.ISSUER)
.ToDictionary(t => t.Type, t => (object)t.Value);
var unsignedToken = new UnsignedToken(
issuer: issuer,
audience: Constants.ASSERTION_AUDIENCE,
claims: filteredClaims,
notBefore: now,
expiresAt: now + Constants.ASSERTION_TOKEN_LIFETIME);
string assertion = await m_tokenSigner
.SignAsync(unsignedToken)
.ConfigureAwait(false);
return(await m_client
.ProvisionAccessTokenAsync(assertion, scopes)
.ConfigureAwait(false));
}
public async Task <string> SignTokenBackdoor(UnsignedToken token)
{
return(await m_tokenSigner
.SignAsync(token)
.SafeAsync());
}
public async Task <string> SignTokenBackdoor(UnsignedToken token)
{
return(await m_tokenSigner
.SignAsync(token)
.ConfigureAwait(false));
}
